From 09eb0fb0e2ada5235a77584e5249e2e2d7f48529 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 24 Oct 2023 09:38:45 +0200 Subject: [PATCH 1/6] data dir --- conf/config.php | 10 +++++----- manifest.toml | 3 +++ scripts/backup | 7 +++++++ scripts/restore | 10 ++++++++++ 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/conf/config.php b/conf/config.php index 32da5ae..a406a6b 100644 --- a/conf/config.php +++ b/conf/config.php @@ -7,7 +7,7 @@ /*******************************************************************/ // Data folder (must be writeable by the web server user and absolute) -define('DATA_DIR', __DIR__.DIRECTORY_SEPARATOR.'data'); +define('DATA_DIR', __DATA_DIR__); // Enable/Disable debug define('DEBUG', false); @@ -16,10 +16,10 @@ define('DEBUG', false); define('LOG_DRIVER', 'system'); // Log filename if the log driver is "file" -define('LOG_FILE', DATA_DIR.DIRECTORY_SEPARATOR.'debug.log'); +define('LOG_FILE', __DATA_DIR__/debug.log'); // Plugins directory -define('PLUGINS_DIR', __DIR__.DIRECTORY_SEPARATOR.'plugins'); +define('PLUGINS_DIR', __INSTALL_DIR__/plugins); // Plugins directory URL define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json'); @@ -33,10 +33,10 @@ define('PLUGIN_INSTALLER', true); define('CACHE_DRIVER', 'memory'); // Cache folder to use if cache driver is "file" (must be writeable by the web server user) -define('CACHE_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'cache'); +define('CACHE_DIR', __DATA_DIR__/cache); // Folder for uploaded files (must be writeable by the web server user) -define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files'); +define('FILES_DIR', __DATA_DIR__/files); // Enable/disable email configuration from the user interface define('MAIL_CONFIGURATION', true); diff --git a/manifest.toml b/manifest.toml index 28dccd4..335bc22 100644 --- a/manifest.toml +++ b/manifest.toml @@ -54,6 +54,9 @@ ram.runtime = "50M" [resources.install_dir] + [resources.data_dir] + subdirs = ["cache", "files"] + [resources.permissions] main.url = "/" #main.auth_header = false diff --git a/scripts/backup b/scripts/backup index 8f2ab35..b3bf5a5 100644 --- a/scripts/backup +++ b/scripts/backup @@ -21,6 +21,13 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$install_dir" +#================================================= +# BACKUP THE DATA DIR +#================================================= + +# Only relevant if there is a "data_dir" resource for this app +ynh_backup --src_path="$data_dir" --is_big + #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= diff --git a/scripts/restore b/scripts/restore index 8ca511f..74e72a5 100644 --- a/scripts/restore +++ b/scripts/restore @@ -24,6 +24,16 @@ chmod -R 700 $install_dir/sessions chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" +#================================================= +# RESTORE THE DATA DIRECTORY +#================================================= +ynh_script_progression --message="Restoring the data directory..." --weight=1 + +ynh_restore_file --origin_path="$data_dir" --not_mandatory + +# (Same as for install dir) +chown -R $app:www-data "$data_dir" + #================================================= # RESTORE THE MYSQL DATABASE #================================================= From 94439a93367dac8b55e857fbb00ff1aec65cb20f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 24 Oct 2023 09:40:03 +0200 Subject: [PATCH 2/6] cleaning --- scripts/restore | 2 +- scripts/upgrade | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/restore b/scripts/restore index 74e72a5..ab6d069 100644 --- a/scripts/restore +++ b/scripts/restore @@ -57,7 +57,7 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" # Recreate a dedicated php-fpm config -ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$phpversion +ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint ynh_restore_file --origin_path="/etc/cron.d/$app" chown root: "/etc/cron.d/$app" diff --git a/scripts/upgrade b/scripts/upgrade index 160ea05..d206d28 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -54,7 +54,7 @@ fi mkdir -p $install_dir/sessions/ -chown -R $app $install_dir/{data,plugins,sessions} +chown -R $app $install_dir/{plugins,sessions} chmod -R 700 $install_dir/sessions chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" @@ -65,7 +65,7 @@ chown -R $app:www-data "$install_dir" ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=5 # Create a dedicated PHP-FPM config -ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint +ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint # Create a dedicated NGINX config ynh_add_nginx_config From 02f0454b3ba5fb5729f06c8a8fca64155a774b79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 24 Oct 2023 09:41:12 +0200 Subject: [PATCH 3/6] cleaning --- scripts/install | 3 +-- scripts/upgrade | 38 ++++++++++++++++++-------------------- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/scripts/install b/scripts/install index d27de19..d8f0461 100644 --- a/scripts/install +++ b/scripts/install @@ -36,7 +36,7 @@ ynh_setup_source --dest_dir="$install_dir" mkdir -p $install_dir/sessions/ -chown -R $app $install_dir/{data,plugins,sessions} +chown -R $app $install_dir/{plugins,sessions} chmod -R 700 $install_dir/sessions chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" @@ -59,7 +59,6 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -dir="__DIR__" ynh_add_config --template="../conf/config.php" --destination="$install_dir/config.php" chmod 400 "$install_dir/config.php" diff --git a/scripts/upgrade b/scripts/upgrade index d206d28..eb2a5bd 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -49,7 +49,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=3 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$install_dir" --keep="data/ config.php" + ynh_setup_source --dest_dir="$install_dir" --keep="config.php" fi mkdir -p $install_dir/sessions/ @@ -70,6 +70,23 @@ ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint # Create a dedicated NGINX config ynh_add_nginx_config +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: ,.*$" --max_retry=5 + +ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +chown root: "/etc/cron.d/$app" +chmod 644 "/etc/cron.d/$app" + +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." --weight=1 + +ynh_add_config --template="../conf/config.php" --destination="$install_dir/config.php" + +chmod 400 "$install_dir/config.php" +chown $app "$install_dir/config.php" + #================================================= # SPECIFIC UPGRADE #================================================= @@ -84,25 +101,6 @@ pushd $install_dir php$phpversion cli plugin:upgrade --no-interaction --verbose popd -#================================================= -# SETUP CRON -#================================================= -ynh_script_progression --message="Setuping a cron..." --weight=2 - -ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" -chown root: "/etc/cron.d/$app" -chmod 644 "/etc/cron.d/$app" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# UPGRADE FAIL2BAN -#================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7 - -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: ,.*$" --max_retry=5 - #================================================= # END OF SCRIPT #================================================= From e5b7284b2cc53b042f82d2236cad9fc8612e22ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 24 Oct 2023 10:57:55 +0200 Subject: [PATCH 4/6] Update nginx.conf --- conf/nginx.conf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 3dc91b0..7186767 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -13,11 +13,6 @@ location __PATH__/ { location __PATH__/(?:kanboard|config.php|config.default.php) { deny all; } - - # Deny access to the directory data - location __PATH__/data { - deny all; - } try_files $uri $uri/ __PATH__/index.php; location ~ [^/]\.php(/|$) { From 62b67897c659fb0285da09c8304067a69a4d3b5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 24 Oct 2023 12:53:05 +0200 Subject: [PATCH 5/6] cleaning --- scripts/install | 1 + scripts/upgrade | 1 + 2 files changed, 2 insertions(+) diff --git a/scripts/install b/scripts/install index e474cb8..44985a7 100644 --- a/scripts/install +++ b/scripts/install @@ -65,6 +65,7 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 +dir="__DIR__" ynh_add_config --template="../conf/config.php" --destination="$install_dir/config.php" chmod 400 "$install_dir/config.php" diff --git a/scripts/upgrade b/scripts/upgrade index 701b8b9..406d11f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -82,6 +82,7 @@ chmod 644 "/etc/cron.d/$app" #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 +dir="__DIR__" ynh_add_config --template="../conf/config.php" --destination="$install_dir/config.php" chmod 400 "$install_dir/config.php" From 67b4e877f6ebf82ee9ec4f929dbedad678ae4c80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 24 Oct 2023 13:05:43 +0200 Subject: [PATCH 6/6] Update config.php --- conf/config.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/config.php b/conf/config.php index a47ee93..5b47aa4 100644 --- a/conf/config.php +++ b/conf/config.php @@ -7,7 +7,7 @@ /*******************************************************************/ // Data folder (must be writeable by the web server user and absolute) -define('DATA_DIR', __DATA_DIR__); +define('DATA_DIR', '__DATA_DIR__/'); // Enable/Disable debug define('DEBUG', false); @@ -16,10 +16,10 @@ define('DEBUG', false); define('LOG_DRIVER', 'system'); // Log filename if the log driver is "file" -define('LOG_FILE', __DATA_DIR__/debug.log'); +define('LOG_FILE', '__DATA_DIR__/debug.log'); // Plugins directory -define('PLUGINS_DIR', __INSTALL_DIR__/plugins); +define('PLUGINS_DIR', '__INSTALL_DIR__/plugins'); // Plugins directory URL define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json'); @@ -33,10 +33,10 @@ define('PLUGIN_INSTALLER', true); define('CACHE_DRIVER', 'memory'); // Cache folder to use if cache driver is "file" (must be writeable by the web server user) -define('CACHE_DIR', __DATA_DIR__/cache); +define('CACHE_DIR', '__DATA_DIR__/cache'); // Folder for uploaded files (must be writeable by the web server user) -define('FILES_DIR', __DATA_DIR__/files); +define('FILES_DIR', '__DATA_DIR__/files'); // Enable/disable email configuration from the user interface define('MAIL_CONFIGURATION', true);